Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

bc98a9925d...c7.exe

windows7-x64

6

bc98a9925d...c7.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    22/12/2023, 14:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bc98a9925d233cb28ec2440154a870c7.exe

  • Size

    188KB

  • MD5

    bc98a9925d233cb28ec2440154a870c7

  • SHA1

    826db3b47878be826395adaafb1a7509505d8dcd

  • SHA256

    23bec9f9015634b7e18b6bdf7831e0776ca5312568860bba29ed83e1fe9088e3

  • SHA512

    1d64be7bc27e5b45249f28c44293c9bfcf152359e86409ae726e234c17e4fbbed7867d35a8a25d576baa52ac6324baf1bdfd19f6c31921cc71c4ada5b9639284

  • SSDEEP

    3072:/cT9g8immW6Pozkk2eKs/CSr2nQ/E2S5ny+bF2u1I+ddDK7Hlq/B8Lk:o68i3odBiTl2+TCU/yk

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 13 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bc98a9925d233cb28ec2440154a870c7.exe
    "C:\Users\Admin\AppData\Local\Temp\bc98a9925d233cb28ec2440154a870c7.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1268
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\bugMAKER.bat
      2⤵
        PID:2884

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\bugMAKER.bat
      Filesize

      76B

      MD5

      c2ae557ffb21c25313353e5b353ef87f

      SHA1

      93650324b548ee6d00b42c3b34f245344d534f14

      SHA256

      8dd031b746b43260d8bbd6cc0950df8b73e6d7b5bdd8c0e0664713c8578e21ee

      SHA512

      440c4a7a8a1c0d03b6e0ef3e98fe98b84e07606058809b4129ed08453f372337058e4c7956e259057cdaad9a8e910a9e73eb7e631779f3f4443d75ae4f6fcf83

      Download Submit

    • memory/1268-67-0x0000000000400000-0x000000000042D000-memory.dmp

      Filesize

      180KB

      Download

    • memory/2884-62-0x00000000022A0000-0x00000000022A1000-memory.dmp

      Filesize

      4KB

      Download